Talos Priviledged Namespace Secret Access

[suse-coder]

When I have a namespace (with strict RBAC SA) that is privileged and pods run in it, does Talos protects other namespaces on the same node, so that the privileged namespace cant access the secrets from the other namespaces?

[smira]

I'm not sure what a privileged namespace means, but in general this should be solved via Kubernetes RBAC.

Privileged pods are inherently insecure, there's additional SELinux level of protection available, but it doesn't cover cross-pod access.

So if you run a privileged pod with enough permission to escape to the host, that pod can read other pod's secrets via the filesystem access.

[suse-coder]

I thought that Talos protects one even if it is privileged by having each namespace giving its own chroot filesystem (even with root and privileged kernel access). As an attacker in a privileged namespace could just read the service account token of another namespace RBAC also does not work, when one would hold the secret just in memory.

[suse-coder]

Isnt SELinux for that?

[smira]

This is not how Kubernetes works unfortunately.

I linked the docs about SELinux, and I explicitly answered above about pod-to-pod protection.

Talos can't magically fix this issue, at least right now. See my recommendations above.

[suse-coder]

Would be great if Talos would have a solution as Nvidia Apps for Kubernetes (like Run:AI) will be used a lot. All need privileged access. Would be bad if i need my own nodes only to run them isolated.
https://run-ai-docs.nvidia.com/saas/getting-started/installation/system-requirements

[smira]

Everything NVIDIA (e.g. container-runtime) has lots of CVEs in general, so please keep that in mind.

I don't think Talos can provide a solution on top of Kubernetes for it.

But once again, you should actually analyze what Run:AI requests as pod privileges instead of just going off the PSA level. Once you have actual details, please open a specific conversation, right now the discussion is not to the point.